feat: add support for API key security schemes in cookies

Author: kelnos

packages/client-axios/src/__tests__/utils.test.ts

@@ -90,6 +90,27 @@ describe('setAuthParams', () => {
     expect(query).toEqual({});
   });
 
+  it('sets an API key in a cookie', async () => {
+    const auth = vi.fn().mockReturnValue('foo');
+    const headers: Record<any, unknown> = {};
+    const query: Record<any, unknown> = {};
+    await setAuthParams({
+      auth,
+      headers,
+      query,
+      security: [
+        {
+          in: 'cookie',
+          name: 'baz',
+          type: 'apiKey',
+        },
+      ],
+    });
+    expect(auth).toHaveBeenCalled();
+    expect(headers.Cookie).toBe('baz=foo');
+    expect(query).toEqual({});
+  });
+
   it('sets first scheme only', async () => {
     const auth = vi.fn().mockReturnValue('foo');
     const headers: Record<any, unknown> = {};

packages/client-axios/src/utils.ts

@@ -171,6 +171,15 @@ export const setAuthParams = async ({
         }
         options.query[name] = token;
         break;
+      case 'cookie': {
+        const value = `${name}=${token}`;
+        if ('Cookie' in options.headers && options.headers['Cookie']) {
+          options.headers['Cookie'] = `${options.headers['Cookie']}; ${value}`;
+        } else {
+          options.headers['Cookie'] = value;
+        }
+        break;
+      }
       case 'header':
       default:
         options.headers[name] = token;

packages/client-core/src/auth.ts

@@ -6,7 +6,7 @@ export interface Auth {
    *
    * @default 'header'
    */
-  in?: 'header' | 'query';
+  in?: 'header' | 'query' | 'cookie';
   /**
    * Header or query parameter name.
    *

packages/client-fetch/src/__tests__/utils.test.ts

@@ -186,4 +186,25 @@ describe('setAuthParams', () => {
     expect(headers.get('baz')).toBeNull();
     expect(query.baz).toBe('Bearer foo');
   });
+
+  it('sets an API key in a cookie', async () => {
+    const auth = vi.fn().mockReturnValue('foo');
+    const headers = new Headers();
+    const query: Record<any, unknown> = {};
+    await setAuthParams({
+      auth,
+      headers,
+      query,
+      security: [
+        {
+          in: 'cookie',
+          name: 'baz',
+          type: 'apiKey',
+        },
+      ],
+    });
+    expect(auth).toHaveBeenCalled();
+    expect(headers.get('Cookie')).toBe('baz=foo');
+    expect(query).toEqual({});
+  });
 });

packages/client-fetch/src/utils.ts

@@ -217,6 +217,9 @@ export const setAuthParams = async ({
         }
         options.query[name] = token;
         break;
+      case 'cookie':
+        options.headers.append('Cookie', `${name}=${token}`);
+        break;
       case 'header':
       default:
         options.headers.set(name, token);

packages/client-next/src/__tests__/utils.test.ts

@@ -186,4 +186,25 @@ describe('setAuthParams', () => {
     expect(headers.get('baz')).toBeNull();
     expect(query.baz).toBe('Bearer foo');
   });
+
+  it('sets an API key in a cookie', async () => {
+    const auth = vi.fn().mockReturnValue('foo');
+    const headers = new Headers();
+    const query: Record<any, unknown> = {};
+    await setAuthParams({
+      auth,
+      headers,
+      query,
+      security: [
+        {
+          in: 'cookie',
+          name: 'baz',
+          type: 'apiKey',
+        },
+      ],
+    });
+    expect(auth).toHaveBeenCalled();
+    expect(headers.get('Cookie')).toBe('baz=foo');
+    expect(query).toEqual({});
+  });
 });

packages/client-next/src/utils.ts

@@ -217,6 +217,9 @@ export const setAuthParams = async ({
         }
         options.query[name] = token;
         break;
+      case 'cookie':
+        options.headers.append('Cookie', `${name}=${token}`);
+        break;
       case 'header':
       default:
         options.headers.set(name, token);

packages/client-nuxt/src/utils.ts

@@ -178,6 +178,9 @@ export const setAuthParams = async ({
         }
         toValue(options.query)[name] = token;
         break;
+      case 'cookie':
+        options.headers.append('Cookie', `${name}=${token}`);
+        break;
       case 'header':
       default:
         options.headers.set(name, token);

packages/openapi-ts/src/plugins/@hey-api/sdk/plugin.ts

@@ -37,7 +37,7 @@ export interface Auth {
    *
    * @default 'header'
    */
-  in?: 'header' | 'query';
+  in?: 'header' | 'query' | 'cookie';
   /**
    * Header or query parameter name.
    *
@@ -175,8 +175,10 @@ const securitySchemeObjectToAuthObject = ({
       };
     }
 
-    // TODO: parser - support cookies auth
-    if (securitySchemeObject.in === 'query') {
+    if (
+      securitySchemeObject.in === 'query' ||
+      securitySchemeObject.in == 'cookie'
+    ) {
       return {
         in: securitySchemeObject.in,
         name: securitySchemeObject.name,

packages/openapi-ts/test/__snapshots__/3.0.x/security-api-key/sdk.gen.ts

@@ -1,7 +1,7 @@
 // This file is auto-generated by @hey-api/openapi-ts
 
 import type { Options as ClientOptions, TDataShape, Client } from '@hey-api/client-fetch';
-import type { GetFooData } from './types.gen';
+import type { GetFooData, GetBarData } from './types.gen';
 import { client as _heyApiClient } from './client.gen';
 
 export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean> = ClientOptions<TData, ThrowOnError> & {
@@ -30,4 +30,18 @@ export const getFoo = <ThrowOnError extends boolean = false>(options?: Options<G
         url: '/foo',
         ...options
     });
-};
+};
+
+export const getBar = <ThrowOnError extends boolean = false>(options?: Options<GetBarData, ThrowOnError>) => {
+    return (options?.client ?? _heyApiClient).get<unknown, unknown, ThrowOnError>({
+        security: [
+            {
+                in: 'cookie',
+                name: 'bar',
+                type: 'apiKey'
+            }
+        ],
+        url: '/bar',
+        ...options
+    });
+};

packages/openapi-ts/test/__snapshots__/3.0.x/security-api-key/types.gen.ts

@@ -14,6 +14,20 @@ export type GetFooResponses = {
     200: unknown;
 };
 
+export type GetBarData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: '/bar';
+};
+
+export type GetBarResponses = {
+    /**
+     * OK
+     */
+    200: unknown;
+};
+
 export type ClientOptions = {
     baseUrl: `${string}://${string}` | (string & {});
-};
+};

packages/openapi-ts/test/__snapshots__/3.1.x/clients/@hey-api/client-axios/bundle/client/index.cjs

@@ -1,2 +1,2 @@
-'use strict';var B=require('axios');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var B__default=/*#__PURE__*/_interopDefault(B);var w=async(t,r)=>{let e=typeof r=="function"?await r(t):r;if(e)return t.scheme==="bearer"?`Bearer ${e}`:t.scheme==="basic"?`Basic ${btoa(e)}`:e},z=(t,r,e)=>{typeof e=="string"||e instanceof Blob?t.append(r,e):t.append(r,JSON.stringify(e));},O=(t,r,e)=>{typeof e=="string"?t.append(r,e):t.append(r,JSON.stringify(e));},j={bodySerializer:t=>{let r=new FormData;return Object.entries(t).forEach(([e,i])=>{i!=null&&(Array.isArray(i)?i.forEach(a=>z(r,e,a)):z(r,e,i));}),r}},q={bodySerializer:t=>JSON.stringify(t,(r,e)=>typeof e=="bigint"?e.toString():e)},P={bodySerializer:t=>{let r=new URLSearchParams;return Object.entries(t).forEach(([e,i])=>{i!=null&&(Array.isArray(i)?i.forEach(a=>O(r,e,a)):O(r,e,i));}),r.toString()}},v=t=>{switch(t){case "label":return ".";case "matrix":return ";";case "simple":return ",";default:return "&"}},$=t=>{switch(t){case "form":return ",";case "pipeDelimited":return "|";case "spaceDelimited":return "%20";default:return ","}},k=t=>{switch(t){case "label":return ".";case "matrix":return ";";case "simple":return ",";default:return "&"}},h=({allowReserved:t,explode:r,name:e,style:i,value:a})=>{if(!r){let n=(t?a:a.map(o=>encodeURIComponent(o))).join($(i));switch(i){case "label":return `.${n}`;case "matrix":return `;${e}=${n}`;case "simple":return n;default:return `${e}=${n}`}}let s=v(i),l=a.map(n=>i==="label"||i==="simple"?t?n:encodeURIComponent(n):f({allowReserved:t,name:e,value:n})).join(s);return i==="label"||i==="matrix"?s+l:l},f=({allowReserved:t,name:r,value:e})=>{if(e==null)return "";if(typeof e=="object")throw new Error("Deeply-nested arrays/objects aren\u2019t supported. Provide your own `querySerializer()` to handle these.");return `${r}=${t?e:encodeURIComponent(e)}`},g=({allowReserved:t,explode:r,name:e,style:i,value:a})=>{if(a instanceof Date)return `${e}=${a.toISOString()}`;if(i!=="deepObject"&&!r){let n=[];Object.entries(a).forEach(([u,d])=>{n=[...n,u,t?d:encodeURIComponent(d)];});let o=n.join(",");switch(i){case "form":return `${e}=${o}`;case "label":return `.${o}`;case "matrix":return `;${e}=${o}`;default:return o}}let s=k(i),l=Object.entries(a).map(([n,o])=>f({allowReserved:t,name:i==="deepObject"?`${e}[${n}]`:n,value:o})).join(s);return i==="label"||i==="matrix"?s+l:l};var T=/\{[^{}]+\}/g,E=({path:t,url:r})=>{let e=r,i=r.match(T);if(i)for(let a of i){let s=false,l=a.substring(1,a.length-1),n="simple";l.endsWith("*")&&(s=true,l=l.substring(0,l.length-1)),l.startsWith(".")?(l=l.substring(1),n="label"):l.startsWith(";")&&(l=l.substring(1),n="matrix");let o=t[l];if(o==null)continue;if(Array.isArray(o)){e=e.replace(a,h({explode:s,name:l,style:n,value:o}));continue}if(typeof o=="object"){e=e.replace(a,g({explode:s,name:l,style:n,value:o}));continue}if(n==="matrix"){e=e.replace(a,`;${f({name:l,value:o})}`);continue}let u=encodeURIComponent(n==="label"?`.${o}`:o);e=e.replace(a,u);}return e},U=({allowReserved:t,array:r,object:e}={})=>a=>{let s=[];if(a&&typeof a=="object")for(let l in a){let n=a[l];if(n!=null){if(Array.isArray(n)){s=[...s,h({allowReserved:t,explode:true,name:l,style:"form",value:n,...r})];continue}if(typeof n=="object"){s=[...s,g({allowReserved:t,explode:true,name:l,style:"deepObject",value:n,...e})];continue}s=[...s,f({allowReserved:t,name:l,value:n})];}}return s.join("&")},A=async({security:t,...r})=>{for(let e of t){let i=await w(e,r.auth);if(!i)continue;let a=e.name??"Authorization";switch(e.in){case "query":r.query||(r.query={}),r.query[a]=i;break;case "header":default:r.headers[a]=i;break}return}},b=t=>D({path:t.path,query:t.paramsSerializer?undefined:t.query,querySerializer:typeof t.querySerializer=="function"?t.querySerializer:U(t.querySerializer),url:t.url}),D=({path:t,query:r,querySerializer:e,url:i})=>{let s=i.startsWith("/")?i:`/${i}`;t&&(s=E({path:t,url:s}));let l=r?e(r):"";return l.startsWith("?")&&(l=l.substring(1)),l&&(s+=`?${l}`),s},S=(t,r)=>{let e={...t,...r};return e.headers=y(t.headers,r.headers),e},H=["common","delete","get","head","patch","post","put"],y=(...t)=>{let r={};for(let e of t){if(!e||typeof e!="object")continue;let i=Object.entries(e);for(let[a,s]of i)if(H.includes(a)&&typeof s=="object")r[a]={...r[a],...s};else if(s===null)delete r[a];else if(Array.isArray(s))for(let l of s)r[a]=[...r[a]??[],l];else s!==undefined&&(r[a]=typeof s=="object"?JSON.stringify(s):s);}return r},x=(t={})=>({...t});var I=(t={})=>{let r=S(x(),t),{auth:e,...i}=r,a=B__default.default.create(i),s=()=>({...r}),l=o=>(r=S(r,o),a.defaults={...a.defaults,...r,headers:y(a.defaults.headers,r.headers)},s()),n=async o=>{let u={...r,...o,axios:o.axios??r.axios??a,headers:y(r.headers,o.headers)};u.security&&await A({...u,security:u.security}),u.body&&u.bodySerializer&&(u.body=u.bodySerializer(u.body));let d=b(u);try{let m=u.axios,{auth:c,...R}=u,C=await m({...R,baseURL:u.baseURL,data:u.body,headers:u.headers,params:u.paramsSerializer?u.query:void 0,url:d}),{data:p}=C;return u.responseType==="json"&&(u.responseValidator&&await u.responseValidator(p),u.responseTransformer&&(p=await u.responseTransformer(p))),{...C,data:p??{}}}catch(m){let c=m;if(u.throwOnError)throw c;return c.error=c.response?.data??{},c}};return {buildUrl:b,delete:o=>n({...o,method:"DELETE"}),get:o=>n({...o,method:"GET"}),getConfig:s,head:o=>n({...o,method:"HEAD"}),instance:a,options:o=>n({...o,method:"OPTIONS"}),patch:o=>n({...o,method:"PATCH"}),post:o=>n({...o,method:"POST"}),put:o=>n({...o,method:"PUT"}),request:n,setConfig:l}};exports.createClient=I;exports.createConfig=x;exports.formDataBodySerializer=j;exports.jsonBodySerializer=q;exports.urlSearchParamsBodySerializer=P;//# sourceMappingURL=index.cjs.map
-//# sourceMappingURL=index.cjs.map
+'use strict';var B=require('axios');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var B__default=/*#__PURE__*/_interopDefault(B);var w=async(t,e)=>{let r=typeof e=="function"?await e(t):e;if(r)return t.scheme==="bearer"?`Bearer ${r}`:t.scheme==="basic"?`Basic ${btoa(r)}`:r},z=(t,e,r)=>{typeof r=="string"||r instanceof Blob?t.append(e,r):t.append(e,JSON.stringify(r));},O=(t,e,r)=>{typeof r=="string"?t.append(e,r):t.append(e,JSON.stringify(r));},j={bodySerializer:t=>{let e=new FormData;return Object.entries(t).forEach(([r,i])=>{i!=null&&(Array.isArray(i)?i.forEach(a=>z(e,r,a)):z(e,r,i));}),e}},k={bodySerializer:t=>JSON.stringify(t,(e,r)=>typeof r=="bigint"?r.toString():r)},$={bodySerializer:t=>{let e=new URLSearchParams;return Object.entries(t).forEach(([r,i])=>{i!=null&&(Array.isArray(i)?i.forEach(a=>O(e,r,a)):O(e,r,i));}),e.toString()}},q=t=>{switch(t){case "label":return ".";case "matrix":return ";";case "simple":return ",";default:return "&"}},v=t=>{switch(t){case "form":return ",";case "pipeDelimited":return "|";case "spaceDelimited":return "%20";default:return ","}},P=t=>{switch(t){case "label":return ".";case "matrix":return ";";case "simple":return ",";default:return "&"}},h=({allowReserved:t,explode:e,name:r,style:i,value:a})=>{if(!e){let n=(t?a:a.map(s=>encodeURIComponent(s))).join(v(i));switch(i){case "label":return `.${n}`;case "matrix":return `;${r}=${n}`;case "simple":return n;default:return `${r}=${n}`}}let o=q(i),l=a.map(n=>i==="label"||i==="simple"?t?n:encodeURIComponent(n):f({allowReserved:t,name:r,value:n})).join(o);return i==="label"||i==="matrix"?o+l:l},f=({allowReserved:t,name:e,value:r})=>{if(r==null)return "";if(typeof r=="object")throw new Error("Deeply-nested arrays/objects aren\u2019t supported. Provide your own `querySerializer()` to handle these.");return `${e}=${t?r:encodeURIComponent(r)}`},g=({allowReserved:t,explode:e,name:r,style:i,value:a})=>{if(a instanceof Date)return `${r}=${a.toISOString()}`;if(i!=="deepObject"&&!e){let n=[];Object.entries(a).forEach(([u,d])=>{n=[...n,u,t?d:encodeURIComponent(d)];});let s=n.join(",");switch(i){case "form":return `${r}=${s}`;case "label":return `.${s}`;case "matrix":return `;${r}=${s}`;default:return s}}let o=P(i),l=Object.entries(a).map(([n,s])=>f({allowReserved:t,name:i==="deepObject"?`${r}[${n}]`:n,value:s})).join(o);return i==="label"||i==="matrix"?o+l:l};var T=/\{[^{}]+\}/g,E=({path:t,url:e})=>{let r=e,i=e.match(T);if(i)for(let a of i){let o=false,l=a.substring(1,a.length-1),n="simple";l.endsWith("*")&&(o=true,l=l.substring(0,l.length-1)),l.startsWith(".")?(l=l.substring(1),n="label"):l.startsWith(";")&&(l=l.substring(1),n="matrix");let s=t[l];if(s==null)continue;if(Array.isArray(s)){r=r.replace(a,h({explode:o,name:l,style:n,value:s}));continue}if(typeof s=="object"){r=r.replace(a,g({explode:o,name:l,style:n,value:s}));continue}if(n==="matrix"){r=r.replace(a,`;${f({name:l,value:s})}`);continue}let u=encodeURIComponent(n==="label"?`.${s}`:s);r=r.replace(a,u);}return r},U=({allowReserved:t,array:e,object:r}={})=>a=>{let o=[];if(a&&typeof a=="object")for(let l in a){let n=a[l];if(n!=null){if(Array.isArray(n)){o=[...o,h({allowReserved:t,explode:true,name:l,style:"form",value:n,...e})];continue}if(typeof n=="object"){o=[...o,g({allowReserved:t,explode:true,name:l,style:"deepObject",value:n,...r})];continue}o=[...o,f({allowReserved:t,name:l,value:n})];}}return o.join("&")},A=async({security:t,...e})=>{for(let r of t){let i=await w(r,e.auth);if(!i)continue;let a=r.name??"Authorization";switch(r.in){case "query":e.query||(e.query={}),e.query[a]=i;break;case "cookie":{let o=`${a}=${i}`;"Cookie"in e.headers&&e.headers.Cookie?e.headers.Cookie=`${e.headers.Cookie}; ${o}`:e.headers.Cookie=o;break}case "header":default:e.headers[a]=i;break}return}},b=t=>D({path:t.path,query:t.paramsSerializer?undefined:t.query,querySerializer:typeof t.querySerializer=="function"?t.querySerializer:U(t.querySerializer),url:t.url}),D=({path:t,query:e,querySerializer:r,url:i})=>{let o=i.startsWith("/")?i:`/${i}`;t&&(o=E({path:t,url:o}));let l=e?r(e):"";return l.startsWith("?")&&(l=l.substring(1)),l&&(o+=`?${l}`),o},C=(t,e)=>{let r={...t,...e};return r.headers=y(t.headers,e.headers),r},H=["common","delete","get","head","patch","post","put"],y=(...t)=>{let e={};for(let r of t){if(!r||typeof r!="object")continue;let i=Object.entries(r);for(let[a,o]of i)if(H.includes(a)&&typeof o=="object")e[a]={...e[a],...o};else if(o===null)delete e[a];else if(Array.isArray(o))for(let l of o)e[a]=[...e[a]??[],l];else o!==undefined&&(e[a]=typeof o=="object"?JSON.stringify(o):o);}return e},S=(t={})=>({...t});var I=(t={})=>{let e=C(S(),t),{auth:r,...i}=e,a=B__default.default.create(i),o=()=>({...e}),l=s=>(e=C(e,s),a.defaults={...a.defaults,...e,headers:y(a.defaults.headers,e.headers)},o()),n=async s=>{let u={...e,...s,axios:s.axios??e.axios??a,headers:y(e.headers,s.headers)};u.security&&await A({...u,security:u.security}),u.body&&u.bodySerializer&&(u.body=u.bodySerializer(u.body));let d=b(u);try{let m=u.axios,{auth:c,...R}=u,x=await m({...R,baseURL:u.baseURL,data:u.body,headers:u.headers,params:u.paramsSerializer?u.query:void 0,url:d}),{data:p}=x;return u.responseType==="json"&&(u.responseValidator&&await u.responseValidator(p),u.responseTransformer&&(p=await u.responseTransformer(p))),{...x,data:p??{}}}catch(m){let c=m;if(u.throwOnError)throw c;return c.error=c.response?.data??{},c}};return {buildUrl:b,delete:s=>n({...s,method:"DELETE"}),get:s=>n({...s,method:"GET"}),getConfig:o,head:s=>n({...s,method:"HEAD"}),instance:a,options:s=>n({...s,method:"OPTIONS"}),patch:s=>n({...s,method:"PATCH"}),post:s=>n({...s,method:"POST"}),put:s=>n({...s,method:"PUT"}),request:n,setConfig:l}};exports.createClient=I;exports.createConfig=S;exports.formDataBodySerializer=j;exports.jsonBodySerializer=k;exports.urlSearchParamsBodySerializer=$;//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

packages/openapi-ts/test/__snapshots__/3.1.x/clients/@hey-api/client-axios/bundle/client/index.d.cts

@@ -7,7 +7,7 @@ interface Auth {
      *
      * @default 'header'
      */
-    in?: 'header' | 'query';
+    in?: 'header' | 'query' | 'cookie';
     /**
      * Header or query parameter name.
      *

packages/openapi-ts/test/__snapshots__/3.1.x/clients/@hey-api/client-axios/bundle/client/index.d.ts

@@ -7,7 +7,7 @@ interface Auth {
      *
      * @default 'header'
      */
-    in?: 'header' | 'query';
+    in?: 'header' | 'query' | 'cookie';
     /**
      * Header or query parameter name.
      *